1
INPUT PAPER
Prepared for the Global Assessment Report on Disaster Risk Reduction 2015
RISK GOVERNANCE: AN OVERVIEW OF DRIVERS AND SUCCESS FACTORS
Marie-Valentine Florin
International Risk Governance Council
Jianhua Xu
Peking University
12 January 2014
2
Introduction
This paper from the International Risk Governance Council proposes a broad review of what
risk governance is about and the main deficits that often hinder effective governance of
complex, uncertain or systemic risks. Working to overcome identified roadblocks to effective
disaster risk management is a first way to go. However, rather than proposing specific
measures to improve disaster risk reduction such as particular national institutional and legal
frameworks, this paper aims to propose and discuss some of the drivers and hallmarks of
success, focusing on how countries and organisations organise internally to deal with risk.
For example, the paper will not recommend specific policy options, but recommend the
creation of appropriate internal cultures for risk governance. Adequate mind-sets, relevant
incentives and other endogenous factors are key in setting the ground for the design of
effective policies and strategies, the development of internal standards and institutional
culture, as well as effective practices, habits, customs and sensitivities towards disaster risk
reduction. In times of budget constraints and lack of dedicated and adequate resources,
dealing with the challenges ahead requires innovation and creativity, for example in how to
harness the potential of community engagement, sharing information and learning from
experience in other sectors or countries and designing shared objectives.
3
Contents
Introduction .................................................................................................. 2
List of figures and boxes ............................................................................... 4
1 Risk governance ................................................................................ 5
1.1 Risk ................................................................................................................. 5 1.2 Risk governance ................................................................................................ 5 1.3 The IRGC risk governance framework ................................................................. 6 1.4 Importance of framing the risk governance context .............................................. 8 1.5 Options for dealing with systemic risk ................................................................. 8
2 Challenges in risk governance ........................................................ 11
2.1 Risk governance deficits ................................................................................... 11 2.2 Vulnerability is increasing, hence the need to consider resilience building ............. 12 2.3 When there are controversies about risk knowledge ........................................... 13 2.4 Challenges for public institutions ....................................................................... 14
3 Hallmarks and drivers of effective risk governance ....................... 15
3.1 Communicating risk and mobilising the creation of an appropriate risk culture ...... 16 3.2 Involving stakeholders, including public authorities, private sector and local
communities ................................................................................................... 17 3.3 Developing transparency in goal setting and means to deal with uncertainty and
conflicts .......................................................................................................... 17 3.4 Designing and implementing schemes for ascertaining accountability ................... 18 3.5 Learning how to make decisions under uncertainty: Introducing flexibility and
adaptability in decisions ................................................................................... 19 3.6 Removing perverse incentives and providing positive incentives .......................... 20 3.7 Building appropriate safety margins into the systems, to reduce vulnerability and
increase resilience ........................................................................................... 22 3.8 Designing and implementing integrated risk management .................................. 22 3.9 Setting priorities, including for resource allocation .............................................. 23 3.10 Budgeting risk management and public investment decisions .............................. 24 3.11 Preparing for the possibility that the “worst-case” scenarios may happen ............. 25
Conclusion ................................................................................................... 27
References .................................................................................................. 28
About the authors ........................................................................................................ 29
4
List of figures and boxes
Figure 1: IRGC risk governance framework ....................................................................... 6
Figure 2: Risk governance - the role of context ................................................................. 8
Figure 3: Risk management strategies ............................................................................ 10
Figure 4: Deficits in assessing and understanding risks .................................................... 11
Figure 5: Deficits in managing risks ............................................................................... 12
Figure 6: Losses from floods in Tabasco, Mexico, in 2007 and 2009 .................................. 25
Box 1: Flood performance of new buildings .................................................................... 10
Box 2: Disaster risk reduction in Peru ............................................................................. 14
Box 3: Critical factors for successful disaster risk reduction .............................................. 16
Box 4: Communicating hazards and risks in New Zealand ................................................ 17
Box 5: Transparency and accountability in Indonesia ....................................................... 18
Box 6: Hurricane Katrina - confusion of responsibilities .................................................... 19
Box 7: New risk taking .................................................................................................. 21
Box 8: Integrated risk management in government ......................................................... 23
Box 9: Multi-hazard mapping and national risk profile in Rwanda ...................................... 23
Box 10: OECD methodological framework for disaster risk assessment and risk financing ... 24
Box 11: Mexico FONDEN ............................................................................................... 25
5
1 Risk governance
1.1 Risk
The IRGC defines risk as the uncertain negative consequence of an event or an activity with
regard to something that humans value (IRGC, 2005). This definition highlights two aspects:
• The reference to uncertainty and its consequences, to provide the context for a definition
of risk that is broader than a function of the likelihood of occurrence of a hazard (and
quantified probability) and the severity of impact (which depends on exposure and
vulnerability).
• Focusing on what has a value, to provide a goal and force stakeholders to define what is of
value to them, in order to direct risk management effort to protecting what provides valuable
services.
Risk may not be only negative, in many cases, it is an indespensible part of our lives and it is
in fact important that societies and individuals can take risks. Decision makers may
defensibly choose to take risks to obtain the associated benefits. Indeed, risk taking may be
crucial to achieving technological change, economic development and social welfare.
Furthermore, strategic risk managers, as well as social or political entities or movements, can
frame an issue as a risk so as to push it forward on the public agenda or transform the way
the issue was previously handled. Politically, this can serve the goal of setting the agenda for
a given problem and drawing public attention to it. It can also suggest that the problems,
defined as risk, can be controlled, at certain conditions, and that risk management processes
and instruments can be useful for that purpose (Borraz, 2007).
1.2 Risk governance
Policymaking for disaster risk reduction can be a highly contentious and difficult process, due
to the multiple uncertainties that often characterize both scientific information and policy
interests and constraints. Most problems on the agenda of governments, international
organizations, multinational firms and large non-governmental organizations reveal
complexity and interdependencies, gaps in the available and needed data. Furthermore,
policymaking relies on information that may be open to multiple viewpoints (ambiguity and
controversy), and limited due to the difficulty in anticipating the future.
Decision making about risk nowadays needs to take a holistic approach for the management
of uncertainty. Covering a wide range of instruments, tools and concepts, risk governance
can provide such an approach, as it revolves around a central process: the production,
evaluation and use of knowledge for decision making, especially when evidence-based
knowledge is initially lacking, incomplete, open to debate, or dependent on alternative
futures. The use of the term “governance” highlights the political nature of decision making
on uncertain issues and a process that is broader than risk management.
Risk governance is a multi-stakeholder process toward creating more efficient, cost-effective,
fair and equitable management of risk. It is particularly valuable for risks in which there is
6
some disconnect between the risk source and the risk bearer and for complex risks with
uncertainty and ambiguity.
Risk governance includes the identification, assessment, management and communication of
risks in a broad context. It includes the totality of actors, rules, conventions, processes and
mechanisms concerned with how relevant risk information is collected, analysed and
communicated, and how and by whom management decisions are taken.
1.3 The IRGC risk governance framework
The IRGC has developed a “framework” for risk governance that proposes a broad and
comprehensive while flexible and adaptable set of guidelines for risk governance.
Figure 1: IRGC risk governance framework
• The first step, called Pre-assessment includes the determination of the context,
the goal and the purpose, as well as the boundaries of the analysis. It is a framing
exercise. It also relies on early warning, and preparations for handling it. Pre-assessment
involves relevant stakeholder groups, so as to capture the various perspectives on the risk,
its associated opportunities, and potential strategies for addressing it. In the case of natural
hazards, stakeholders whose behaviour can trigger the materialisation of the hazard or can
be affected by the risk because they are exposed and vulnerable to it, can together define
the boundaries of the risk analysis that will follow.
• Risk appraisal goes beyond the conventional scientific risk assessment, which
usually aims to identify and describe the possibility of occurrence or a probability distribution
over a range of negative consequences (frequency x severity). IRGC’s proposal for risk
appraisal also involves an assessment of different stakeholders’ potential concerns about the
risk. The concern assessment is a key feature of the IRGC framework, and aims to
incorporate the values and emotions that may be associated with the risk. It explicitly
recognises that people’s decisions about how to handle a risk are governed by their
perceptions of the risk as well as their perhaps more emotional and value-laden concerns.
7
Both the risk assessment and the concern assessments involve state-of-the-art scientific
methodologies. They involve natural sciences as well as social sciences (such as sociology,
psychology, political sciences, anthropological behavioural sciences).
Other features of risk appraisal thus include: data collection and sharing, interdisciplinary
scientific and concern assessment and capability assessment.
A number of cognitive and organisational biases are often present in natural hazard and risk
assessment. It is often “surprising” how possibly affected people can live with and accept a
risk without doing much for their mitigation, although they are fully aware of their possibility
of occurrence and potential for damage. The search for associated benefit is often the main
reason. But in disaster risk prevention and assessment, the role of culture, tradition and in
general the “human factor” can have a large effect on the effectiveness of science-based risk
management measures.
• Risk evaluation is a judgment about the overall severity of the risk and the need
to take management measures.
Managing risk requires a prior and careful judgment of whether or not a risk is acceptable
and if not, whether risk reduction is considered necessary to make it more tolerable. The
evidence based on the scientific and concern assessment of a risk must be combined with a
thorough evaluation of other factors such as societal values, economic interests and political
considerations. Risk is judged tolerable when it can be pursued because of its benefits, but
subject to appropriate risk reduction measures. Risk evaluation concludes with the design of
a portfolio of risk management options before making decisions on those that will be
implemented.
• Risk management involves the development, decision and evaluation of the
actions required to avoid, reduce, transfer or retain the risks.
All tolerable risks need appropriate and adequate risk management, with the view that the
residual risk is acceptable, given the risk tolerance level of the affected organisation, system
or population. Based on the development of a range of options and a consideration of the
most appropriate of them, risk management decisions are taken and put into practice. Risk
management includes the generation, assessment, evaluation and selection of appropriate
risk-reduction options as well as implementing the selected measures, monitoring their
effectiveness and reviewing the decision if necessary.
• Communication is of utmost importance in effective risk governance. First, it
enables risk assessors and risk managers to develop a common understanding of their tasks
and responsibilities (internal communication) and second, it empowers stakeholders and civil
society to understand the risk and the rationale for risk management (external
communication). It also allows them to make informed contributions to risk governance,
recognises their role in the risk governance process and gives them a voice by creating a
deliberate two-way process. Once the risk management decision is made, communication
should explain the rationale for the policy decisions and allow people to make informed
choices about the risk and its management, including their own responsibilities. Effective
two-way communication, thus dialogue, is the key to creating trust in risk management.
8
1.4 Importance of framing the risk governance context
Risk managers need to define the boundaries of their analysis, in consideration of all causes
and consequences of the risk. Direct as well as indirect consequences (secondary or ancillary
risks) need to be taken into account, especially if the risk can affect populations far away
from its source, or when moral hazard develops, as a result of disconnect between risk
takers and risk bearers. However some limits, or boundaries, must be drawn in order to
focus on an achievable goal. Thus, framing the context in which the governance of a risk
must be improved is critically important for successful outcome. It helps define the goal and
will also create the rationale and legitimacy for involving stakeholders.
Effective governance of most systemic risk requires that the broader social, institutional,
political and economic contexts must be taken into account in risk-related decision making. It
is important to recognise the organisational capacity, which refers to the capability of key
actors in the risk governance process to fulfil their roles, and the network of actors. Also
important are the political and regulatory culture and, in general, the social climate, which
determines the risk culture. Developing appropriate risk cultures in a given context impacts
on the level of risk tolerance (or risk aversion), and the degree of trust in the institutions
responsible for risk governance.
Figure 2: Risk governance - the role of context
1.5 Options for dealing with systemic risk
The term “systemic risk” was used and defined by the OECD (OECD, 2003) and denotes the
embeddedness of any risk to human health and the environment in a larger context of social,
financial and economic consequences and increased interdependencies both across risks and
between their various backgrounds. Systemic risks are at the crossroads between natural
events (partially altered and amplified by human action such as the emission of greenhouse
gases), economic, social and technological developments and policy-driven actions, both at
the domestic and the international level. These interrelated and interdependent risk fields
9
also require a specific form of handling risk, in which data from different risk sources are
either geographically or functionally integrated into one analytical perspective. Handling
systemic risks requires a holistic approach to hazard identification, risk assessment, concern
assessment, tolerability/acceptability judgements and risk management (IRGC, 2005).
Systemic risks are characterised by complexity and uncertainty. Their potential damage is
not limited to an economic sector or a geographical area. As challenges such as those posed
by scientific understanding of natural hazards, of climate change and of consequences of
technological developments become frequent, policy making under uncertainty and
ambiguity is becoming the norm and international and national institutions alike are working
to improve their ability to deal with uncertainty and ambiguity.
Risk characterisation
It is useful to characterise systemic risks according to the type of knowledge about them,
considering that most potentially large scale systemic risks are complex, with scientific
uncertainties and often controversies about their assessment and management.
• Complexity refers to difficulties in identifying and quantifying the causes of specific adverse
effects. Examples of complex risks include the risks of disruption of interconnected
infrastructures, such as large electricity grids, as consequences of natural disaster risk.
Complex issues can normally be handled by scientific and empirical research and expert
technical work.
• Uncertainty refers to a lack of scientific or technical data, or a lack of clarity or quality of
the data. Uncertainty describes the level of confidence that analysts associate with a
qualitative or quantitative assessment of a specific risk. Uncertain risks include the effect of
climate change on the frequency and severity of natural hazards.
• Ambiguity results from divergent perspectives on the risk, including the likelihood and
severity of potential adverse outcomes. Risks that are subject to high levels of ambiguity
include issues for which economic or ethical issues matter, such as in the case of
environmental migrations or entire displacement of population due to their land becoming
inhospitable. People’s values and interests can differ widely and create conditions for
contestation or conflict.
Distinguishing between simple, complex, uncertain and ambiguous risks can help in
designing a risk management strategy.
• Simple risk problems can be managed using a ‘routine-based’ strategy, such as introducing
a law or regulation.
• Complex risks can be addressed on the basis of accessing and acting on the best available
scientific expertise, aiming for a ‘risk-informed’ and ‘robustness-focused’ strategy.
Robustness refers to the degree of reliability of the risk-reduction measures to withstand
threatening events or processes that have not been fully understood or anticipated.
• Uncertain risks are better managed using ‘precaution-based’ and ‘resilience-focused’
strategies, with the intention being to apply a precautionary approach to ensure the
10
reversibility of critical decisions and to increase a system’s coping capacity to the point where
it can withstand surprises.
• Finally, for ambiguous risk problems the appropriate approach comprises a ‘discourse-
based’ strategy that seeks to create tolerance and mutual understanding of conflicting views
and values with a view to eventually reconciling them.
Figure 3: Risk governance strategies (adapted from: IRGC risk governance framework, 2005)
Box 1: Flood performance of new buildings
Example: flood performance of new buildings
• Flood avoidance: Constructing a building and its surrounds (at site level) in such a way to avoid it
being flooded, e.g. by raising it above flood level, re-siting outside flood risk area.
• Flood resistance: Constructing a building in such a way to prevent floodwater entering the
building and damaging its fabric (water exclusion strategies to build resistance).
• Flood resilience: Constructing a building in such a way that although flood water may enter the
building its impact is reduced, i.e. no permanent damage is caused, structural integrity is
maintained and drying and cleaning are facilitated (water entry strategies to build resilience).
• Flood reparability: Constructing a building in such a way that although flood water enters a
building, elements that are damaged by flood water can be easily repaired or replaced. This is also
a form of flood resilience.
(RIBA, 2007)
11
2 Challenges in risk governance
2.1 Risk governance deficits
A risk governance deficit is a failure in the identification, framing, assessment, management
and communication of a risk issue or of how it is being addressed. As such, it can also be
understood as a risk governance challenge. Governance deficits are common and may be
found throughout the risk handling process. They are actual and potential shortcomings and
can be remedied or mitigated.
Risk governance deficits operate at various stages of the risk governance process, from the
early warnings of possible risk to the formal stages of assessment, management and
communication. IRGC has identified and analysed some of these deficits which, for
conceptual clarity, have been divided into two categories: those in the risk assessment
(cluster A, see Figure 4 below) and those in the risk management (cluster B, see Figure 5)
(IRGC, 2009)
Figure 4: Deficits in assessing and understanding risks (IRGC, 2009)
12
Possible deficits concerning responsibilities and actions in order to reduce, mitigate or avoid
the risk:
Figure 5: Deficits in managing risks (IRGC, 2009)
2.2 Vulnerability is increasing, hence the need to consider resilience
building
A side effect of “successful” risk management is that populations at risk may increase their
exposure, as a result of deliberate or unintentional decisions. This is often the case in natural
hazard-risk prone areas, where improvement in early-warning, prevention and risk mitigation
can lead to a feeling of safety that overall increases the exposure to the risk and the assets
at risks. A report of the Integrated Research on Disaster Risk (IRDR) FORIN project
summarises “Responsibility for the continued growth in vulnerability and exposure is locally
specific and diffuse over individuals, organizations, jurisdictions, and over time. This diffuse
responsibility is not something planned or methodically organized but has simply evolved or
grown up in this way.” (IRDR, 2011).
13
As proposed in section 1.5, resilience is one of the risk management strategies that is
relevant, and must be pursued in case of lack of knowledge or evidence about the risk
source and its impact. It is mainly a protective strategy to build in defenses to the whole
system against the impact of the realization of an unknown or highly uncertain risk.
Instruments for resilience include designing systems with flexible response options, or also
improving emergency management (IRGC, 2005). However, strategies to build robustness,
especially of critical infrastructures, should be pursued as well, as long as knowledge exists
and can be used or can be developed.
Many organisations, both in the public and the private sectors are now interested in
developing and applying the concept of resilience, to involve others in preparing to cope with
unexpected risk consequences. For example, PwC suggests: “Organisational resilience
springs from two practical forms of responsiveness. The first of these is the “buffer”, which
provides the breathing-space to absorb shocks and mount a considered response. The
second is the “adaptive capacity”, which combines strategic flexibility and organizational
agility with a culture that supports learning and renewal. If buffers are pre-requisites for
survival or “bouncing back” in a turbulent and uncertain world, then adaptive capacity
provides the momentum for “springing forward” to exploit opportunities to avert crisis or
transform during it (PwC, 2012).
2.3 When there are controversies about risk knowledge
It is acknowledged that to manage risk issues, decision makers, whether in policy or in
business, need to rely on robust expertise and sound science. This suggests that science is a
neutral and disinterested activity, clearly delineated from the politics of the policy process.
However, the scientific process itself may be subject to influence from various political,
economic, social or geopolitical interests, and important and constant efforts are needed to
make sure that science and politics are distinct activities. But once science and policy have
resolved their own and distinct uncertainties, ambiguities and trade-offs, they can and need
to communicate, in order to develop evidence-based policies.
As seen in section 1.1, risk issues are framed or constructed by organisations and risk
managers. There may therefore be some ambiguity or controversy about them. The
controversy often starts with varying interpretation of the scientific knowledge, but may also
involve different forms of knowledge, different ways to address and assess the available
knowledge, and different sets of values and ethical principles applied to the issue at hand.
Hence, controversies may be quite productive; especially if they can challenge existing
ineffective strategies or policies that create lock-ins and provide perverse incentives (Borraz,
2007).
What are the possible risk governance strategies to deal with controversies, when those
hinder the effective deployment of risk management options? If and when public or private
authorities do not put in place measures to adapt to, for example, sea level rise (and the
increased risk of flooding) on the motive that scientists do not agree on anticipated level of
rise and extent of damage, are there effective processes and instruments to resolve the
conflicts and the resulting trade-offs?
14
Box 2: Disaster risk reduction in Peru
2.4 Challenges for public institutions
In their responsibility to effectively address threats and uncertainties, governments face a
number of challenges. Managing existing risk is a normal task of all governments, and many
have developed or are developing structures and processes for elaborating comprehensive
all-hazard national risk assessment but there are two specific challenges for governments:
• communicating about risks and new threats,
• establishing processes for government agencies to deal with uncertainty and emerging,
ignored or neglected risks in a proactive manner.
The challenge of effectiveness of risk management policy norms, procedures, guidelines and
practices by governments also lies beyond the establishment of norms and procedures. It is
about setting the right conditions that allow for the “right thinking” in an institution, in such
a way that risk management is not a separate issue, but is intrinsically connected with
decision-making across agencies.
Risk governance must be a joint, collaborative effort between technical experts and
policymakers. The former may have some knowledge about issues of concern and thus they
can provide recommendations to be addressed by the latter. Policymakers on their side, who
have immediate short-term preoccupations, are seeking advice about how to deal with
longer term issues.
Questions that technical experts face in their task of preparing policymakers to deal with
complex and uncertain risks include:
• How to communicate complexity, uncertainty and ambiguity in such a way that
policymakers will be able to act on the information provided?
• How to engage at the policy level on threats that, in their view, require more attention
because their potential severity is higher than the tolerable level?
• How to overcome budget constraints?
• How to motivate investments in prevention and proactive risk management?
For policymakers, questions of immediate concern include:
• How to know which advice should be followed?
• How to deal with issues that may only materialise in the long term?
Progress in disaster risk reduction in the Peruvian National System for Public Investment (NSIP)
The standardised use of pre-investment disaster risk and cost/benefit and cost efficiency analysis
within the Peruvian National System for Public Investment (NSIP) is now being updated to
promote the use of cost benefit analysis and other relevant approaches to public decision making
as regards climate change adaptation, despite the level of controversies about actual
consequences of climate change (UN ISDR, 2013).
15
• How to act on the basis of uncertain knowledge?
• How to allocate scarce resources?
• How to satisfy various, possibly conflicting, interests?
3 Hallmarks and drivers of effective risk governance
This section will consider drivers of good or bad practices in uncertainty and risk
management. In particular, what are the main factors of successful handling of the following
aspects:
• Use of evidence-based information into recommendations and into policy decisions and
actions
• Political priorities and the need to address short-term, often pressing, issues (between
preventive disaster risk reduction and youth employment or health care, what is the
priority?)
• Budget constraints, allocation of scarce resources and risk prioritisation (how can
governments assign economic trade-offs?)
• Trade-offs between the need for inclusive participation and the need for leadership.
We propose several factors that are important for effective public sector risk governance, as
hallmarks and drivers of governance practices or also success factors. Those responsible for
disaster risk reduction are advised to consider them in order to address the objectives and
challenges they face and identify what might be missing in the work done by teams of
technical experts.
Successful risk governance relies on a number of factors related to the capability to assess
and manage exogenous risks (risk “from the outside”), typically risks from natural hazards.
But endogenous risks (risks “from the inside”), typically those that act to increase exposure
and vulnerability also exist. Those are related to how institutions and individuals are
organised in order to tackle risk from the outside. Thus “external” as well “internal” risks can
threaten affected organisations and populations.
The eleven factors proposed in this section have been drawn from IRGC’s report on Risk
Governance Deficits (IRGC, 2009), that list obstacles to be overcome; IRGC’s report on
Contributing Factors to Risk Governance (IRGC, 2010), that discusses drivers and
governance issues related to risk development; and project work about pro-active public
sector governance of emerging risks, that makes suggestions for how to foster the
development of appropriate attitudes and mindset toward effective risk management. We
propose these factors as enabling conditions for effective risk governance structures and
processes and some of the hallmarks and drivers of improved disaster risk management. The
list is not intended to be comprehensive and encompass all conditions for improving disaster
risk management, but each of the factors should be considered. We hope that, by providing
an overview of some of the challenges that governments must overcome and how their risk
governance, awareness, assessment, prevention, preparedness and management could be
improved, practitioners at the international, national and regional/local level will find
16
suggestions for how to support and improve decision making for effective disaster risk
reduction, and encourage a constructive and prospective tone nurturing positive evolution in
risk governance.
Box 3: Critical factors for successful disaster risk reduction
3.1 Communicating risk and mobilising the creation of an appropriate risk
culture
Effective communication not only helps share information and foster dialogue but is also
recognised for its capacity to trigger change in institutional and individual behaviours. Risk
communication can support behavioural change and help individuals, institutions,
organisations to adopt more risk-conscious behaviour, which help develop a risk culture in
which risk taking, risk perception and risk management capabilities align. Risk culture is
understood as the set of values, perceptions, norms, regulations, behaviours and attitudes in
which risk taking and risk avoidance can develop in a viable, sustainable and fair manner.
Communication is a normal business for any government, but communication of risk is
“risky” for governments. First because as authorities are responsible for providing safety and
security, communicating about risk may be understood as a proof of failure, so some
resistance or even denial may be expected. For example, communicating uncertainty or the
unavoidability of a damage can create credibility issues for public authorities, and therefore
result in inaction. This is even more the case when those authorities know that they don’t
have either the power or the means to deal with the risk. Then, as various actors have
differing expectations and interpretations, it is difficult to design a unique communication
message and the dialogue is complicated.
Factors that prove to be critical for effective and successful evaluation of risks related to
natural hazards and management of disaster risks include:
1. Communicating risk and mobilising the creation of an appropriate risk culture
2. Involving stakeholders, including public authorities, private sector and local communities
3. Developing transparency in goal setting and means to deal with uncertainty and conflicts
4. Designing and implementing schemes for ascertaining accountability
5. Learning how to make decisions under uncertainty: Introducing flexibility and adaptability
6. Removing perverse incentives and providing positive incentives to motivate positive action
7. Building into the systems appropriate safety margins to reduce vulnerability and increase
resilience
8. Designing and implementing integrated risk management
9. Setting priorities, including for resource allocation
10. Budgeting risk management and public investment decisions
11. Preparing for the possibility that the “worst-case” scenarios may happen.
17
It is critical to establish that communication about natural hazards and disaster risk is one
important component of successful risk management strategy. This implies, initially,
recognition by governing bodies of a problem of national significance that needs to be
addressed. Whether a government is dealing with an existing threat such as risk of flooding
in current low-lying areas or a concern about future potential but yet unclear impacts of
climate change such recognition is crucial to moving forward.
Box 4: Communicating hazards and risks in New Zealand
3.2 Involving stakeholders, including public authorities, private sector
and local communities
It has often been observed that bringing together all actors who have a stake in a risk issue,
i.e. an interest in its management, supports the development of decisions which are more
robust in the long term. When emerging threats are new or not well known and it is
necessary to make decisions in the absence of sufficient knowledge, it is useful to engage
collectively in their analysis, evaluation and management. Inclusive and multi-stakeholder
governance is a factor of effective risk governance.
The UN ISDR has stated again in the 2013 Global Assessment Report that engagement and
partnership between public authorities, non-governmental actors, civil society and the private
sector is a key driver of progress. Making information on disasters available to all
stakeholders (through networks and the development of information sharing systems) is a
core indicator toward the building of a culture of safety and resilience at all levels (UN ISDR,
2013).
3.3 Developing transparency in goal setting and means to deal with
uncertainty and conflicts
Transparency is a quality that can help that strategic goals are met. Lack of transparency
may lead to lack of resilience because of inappropriate behaviours. If there are gaps
between the values of an institution and its official statements and principles on the one
New Zealand
“The National Hazardscape Report (2007) provides an overview of the 17 most common types of
hazard in New Zealand and the principal means for managing them. Information on hazards
associated with a particular parcel of land or property may be linked to its legal title documents.
This Land Information Memoranda (LIM) or Project Information Memoranda (PIM) is available
from the local council to any party. This information may have a bearing on people’s decisions to
purchase a property, and indicate restrictions on further development or changes in use. Public
information campaigns (leaflets, media) are based on the steps that citizens should take to help
protect themselves from nationally generic and locally specific hazards and risks”. (HFA New
Zealand, 2012)
18
hand and its practice on the other hand, it will be more difficult to deal with conflicts. A lack
of transparency is a contributing factor to risk emergence and amplification.
Developing transparency implies, for example, sharing assessment and management efforts
with stakeholders and the public as much as possible. Being open and transparent can help
create a climate of trust which is necessary for dealing with the inevitable trade-offs that
need to be made. Creating transparency is closely associated with creating accountability,
which it helps to foster.
Box 5: Transparency and accountability in Indonesia
3.4 Designing and implementing schemes for ascertaining accountability
(in order to create a shared responsibility)
It is only when institutions and individuals are made accountable that risks can eventually be
managed, especially when the risk is not sufficiently familiar or developed. Ascertaining
accountability can lead to the establishment of risk ownership, and risk managers can be
rewarded for their effective actions.
Because it is difficult to establish who is accountable for a problem or a risk which has not
yet materialised, it is generally relevant to establish a place (an institution, a committee or a
process) whose role is to coordinate control that procedures are in place, that decisions are
implemented and that suggested good practices are followed.
There are various institutional ways of assigning and sharing risk ownership for natural
hazards and threats. In general, governmental agencies and sub-national authorities are
assigned the management of risks that affect the public or large parts of the population.
However, people should in general learn to accept a certain level of personal risk and
address it individually or on a shared basis with their neighbours. Approaches to “whole-of-
community” involvement such as developed by US FEMA can encourage risk sharing, in order
to lessen the burden to all affected parties (US FEMA, 2012).
Developing transparency and accountability in Indonesia
“One big challenge […] is the absence of clear regulations that govern disaster budget at the national
and local levels. This has made it difficult for decision makers at the local level to allocate disaster
budget. The government needs to formulate clear regulations related to disaster budget and make
funds disbursement more responsive and easier, while still maintaining transparency and
accountability. Regions need to be encouraged to formulate contingency plans and allocate
contingency budgets. Risk transfer mechanisms and instruments need to be further explored and
developed in cooperation with international development partners”. (HFA Indonesia, 2012)
19
Box 6: Hurricane Katrina - confusion of responsibilities
3.5 Learning how to make decisions under uncertainty: Introducing
flexibility and adaptability in decisions, in order to adapt to changing
conditions and knowledge
In the face of uncertainties, it is useful to avoid irreversibility. Institutional mechanisms that
allow for adaptation of regulation or policies as new knowledge about a potential threat is
gathered have the immense value of avoiding lock-ins. For example, they set goals (e.g.
flood entry strategies in buildings in flood prone areas) instead of imposing a technology or a
type of product (e.g. specific building materials). They encourage innovation as one risk
management option. They allow trials and errors and look forward, instead of imposing strict
regulations which may create perverse incentives. In engineering, “flexibility in design”
(Neufville & Scholtes, 2011), is an effective way to manage uncertainty. It enables system
managers to adapt to evolving environments, to avoid bad situations and take advantage of
emerging good opportunities. It is a strategic approach that views systems management as a
dynamic process in which designers necessarily add or change capacities and capabilities
over time. Flexibility in design is most desirable when the future is most uncertain, exactly
when options are most valuable.
Hurricane Katrina
- Confusion of responsibilities between federal, state and local responders.
The multi-level nature of crisis response in the US assumes a gradual expansion of government
involvement as local and then state responders are required to give assistance. However, this
“pull” approach encounters difficulties when state and local capacities are damaged or
overwhelmed. In the case of Katrina, federal responders waited too long for specific requests for
aid from state and local authorities instead of taking a more aggressive “push” approach.
Dispersed responsibilities also complicated efforts to set up a central command. Confusion about
responsibilities was increased by the existence of three major federal operational commands: the
Joint Field Office and Federal Coordinating Officer; the Principal Federal Official; and Joint Task
Force Katrina. The lack of a clear directing authority encouraged responders to “freelance”
without coordinating with appropriate authorities. For example, the heroic efforts of the Coast
Guard in search and rescue have been rightly praised, but there was little effort to coordinate
with FEMA, state agencies, the National Guard or the Department of Defense, which were also
running search operations. As a result, there was duplication of effort in some neighbourhoods
and a lack of attention to others.
The network of responders also includes NGOs, and it is important to recognise the additional
challenge of coordinating their activities. In Katrina, the Red Cross worked closely with FEMA, but
still had difficulties in coordination. The Red Cross communicated logistical needs to FEMA, but
found that FEMA often did not supply reliable information, failed to deliver promised supplies or
delivered inadequate amounts too slowly. Such problems are indicative of more serious
challenges in incorporating NGOs into the response network (Moynihan, 2008).
20
3.6 Removing perverse incentives and providing positive incentives to
motivate positive action
Perverse incentives are those that induce counterproductive or undesirable behaviours,
which can lead to negative, unintended consequences. Such incentives may lead to the
emergence of risks, either by fostering overly risk-prone behaviours or by discouraging risk
prevention.
One of the central insights of economic reasoning is that people will take more or less risk
depending upon what incentives and disincentives are present for risk taking. For example,
remuneration schemes or tax deductions for certain activities should provide incentives to
adequately balance opportunities and risks. Ideally, economists argue, the incentives faced
by individuals should be arranged so that the overall system produces the type and amount
of risk that society desires. When key decision-makers face tangible and intangible incentives
to incur more (or less) risk than best serve the interests of affected individuals or society, it
should not be surprising that poor risk tolerance decisions are made. Incentives are
“perverse” when there is misalignment between the incentives that market actors face and
the amount of risk that society desires – this leads to counterproductive or undesirable
behaviours.
Perverse incentives may appear when a “checklist mentality” exists within an organisation,
with people striving only to meet pre-set indicators, rather than adapting goals to suit
changing circumstances and attempting to get the best results possible (World Bank, 2005).
The measurement culture that is common today – where indicators are chosen on the basis
of their being easily measured or quantified – also tends to favour the creation of simple
incentives, which may not be the most appropriate.
Illustrations of such perverse incentives are well documented in both the history of risk
management and contemporary challenges. Perhaps the most pervasive form of perverse
incentive is the encouragement to seek short-term gain – political or financial – at the
expense of long-term well-being for the economy, public health, society or environmental
quality. When the time course of an emerging risk is measured in decades or centuries
rather than weeks or years, it may be particularly difficult to design reward systems that
encourage long-term risk management.
21
Box 7: New risk taking
It is easier to pinpoint the pervasive problem of perverse incentives than it is to prescribe
solutions that produce more good than harm. The basic principle is to ensure that people
making decisions about risk have some stake in the game, both benefit on the upside and
cost on the downside. Where possible, the stakes need to be symmetrical, or at least linked
to the organisation’s or society’s preferred risk tolerance posture.
In the environmental field, solutions are gravitating toward arrangements where individuals
and companies pay for any destruction of critical habitat and for threatened and endangered
species. Those people who deliberately decide to live, work or build assets in natural risk
prone areas should be financially discouraged to do so and helped to move to other areas.
The theme is to align incentives with the quest for sustainability. Insurance companies and
local authorities are on the front line to provide disincentives to unsustainable behaviours if
land-use regulations are not adopted and enforced (IRGC, 2010).
Positive incentives are also needed to encourage good behaviours. Those include subsidies
and fiscal benefits to avoid exposure and reduce vulnerability.
Perverse incentives that attract new risk
Thailand
“Thailand’s powerful Board of Investment (BOI) encouraged investment in three promotional
zones—through tax privileges; sectoral incentives through BOI-identified priority projects; and
privileges provided by the Industrial Authority of Thailand (IEAT). Although privileges offered in
Zone 1, the areas surrounding Bangkok, were lower than those offered in regions further inland,
they were still substantial, including corporate tax exemption for 3 years and a 50 percent
reduction on import duty for machinery. Although this policy was successful in attracting FDI, it led
to massive increases in flood exposure. Much of the investment took place in former rice paddies
located in floodplains of the provinces, which paved the way for the 2011 Chao Phraya flood
disaster”. (UN ISDR, 2013), page 215.
China
“In May 2010, extreme rains killed at least 86 people in Guangzhou and disrupted the lives of 8
million. The most damaging storm in 30 years, which cost Guangzhou US$85 million, challenged
the city’s flood-control drainage systems and damaged 256,800 acres of farmland. Yet, despite
these apparent risks, investors and their advisors do not rank them on par with other investment
considerations such as corporate tax breaks, labour laws and costs and other direct business costs.
Recent risk analyses of Guangzhou and Guangdong provinces do not refer to disaster risk other
than the possibility that companies could be held responsible by government or communities for
environmental impacts or disasters. Instead, there are broad incentives for increased investment in
flood-prone areas.” (UN ISDR, 2013), page 216.
22
3.7 Building appropriate safety margins into the systems, to reduce
vulnerability and increase resilience
The level of connectivity in many of today’s social and technical systems is greater than in
the past and the interconnections are increasing. The pace at which these systems operate is
becoming faster and many are operating under higher levels of stress. This can lead to tight-
coupling of components within systems and to loss of safety margins – a loss of slack or
buffering capacity that leaves systems more vulnerable to disruption and thus increases the
likelihood that new risks will emerge.
Fortunately, risk managers have several options to minimise undesirable outcomes that can
result from tight coupling and the loss of safety margins. Building critical system
infrastructures with more redundancy and resilience (where each component in the system
has not only the ability to draw on other components for support, but also, crucially, a
degree of self-sufficiency to fall back on in case of emergency) can limit cascading effects.
However, specific incentives are often needed to encourage these measures, which may be
costly to put in place and provide no benefit except in case of emergency (Homer-Dixon,
2006). Making investments such as these can be problematic as it involves resisting pressure
from shareholders or tax-payers to reduce what is seen as unnecessary spending – such
pressures often lead organisations to reduce their safety margins to dangerously low levels.
In general, organisations that promote an attitude to safety that rewards conscious
behaviours is better equipped to deal with surprises such as those occurring as a result of
disaster from natural hazards (IRGC, 2010).
3.8 Designing and implementing integrated risk management
With regard to emerging hazards and risks, with various origins and causes, it is often
difficult to identify which impacts they will have across a variety of fields and how they may
affect various actors. Additionally, the actions of various stakeholders may interact. There is
often complexity and uncertainty and it is useful to frame the issue under consideration and
set the boundaries of the analysis in such a way that it will be possible to identify and
understand the various interactions. An integrative approach is useful.
With regard to an inter-agency approach to integrated risk management, so called “cross-
cutting” or systemic risks in particular require specific attention and the integration of various
governmental agencies to develop effective management options and implement decisions.
It is important to learn how to integrate the actions of different government sectors in the
assessment, communication and management of risks that affect them all.
23
Box 8: Integrated risk management in government
Box 9: Multi-hazard mapping and national risk profile in Rwanda
3.9 Setting priorities, including for resource allocation
It is not possible to address all potential threats to the security and safety of a population or
economy. Institutions routinely select those threats whose impact may be most severe. To
this end, they develop criteria and indicators (that may indicate important thresholds) and
other tools and processes for determining when a potential threat becomes serious enough
to become the focus of attention and necessitates risk avoidance or reduction measures.
This requires the understanding of that entity’s risk tolerance or appetite: how much risk it
can take, which determines the point beyond which (a) risk becomes too great to absorb and
(b) additional risk mitigation or prevention measures need to be taken ex ante. A better
understanding of the loss threshold beyond which public and private institutions as well as
individuals must engage in proactive risk management must precede actual risk management
decisions. Defining that level (threshold) depends on many variables, which communication
can help to identify. These variables include: cost-benefit analyses but also preference
analyses (in order to influence risk-sensitive behaviour).
All-hazards national risk assessment and integrated country risk management
Some governments have established structures and processes for “all-hazards” national risk
assessments (that provide the evidence base for integrated assessment of risks and their
impacts); “whole-of-government” approaches to integrated risk management (that involve all
government agencies in the management of a risk that does or may affect them;) and “all-
community” risk management (whose purpose is to involve communities and the public in the
management of uncertain, complex issues that require wide-ranging multi-stakeholder and
collective action). These structures and processes are designed to discuss with all potentially
affected parties the identification of new threats, issues or interactions between risks.
Information on these approaches can be found on various public websites.
A multi-hazard approach has been considered in policy development exercise in Rwanda.
“An evidence-based Comprehensive National and District Disaster Risk Analysis Project fund has
been approved jointly by the World Bank and European Union. Hazard mapping will be carried
out by modeling earthquakes, volcanic eruptions, landslides, floods, epidemics, storms and
droughts. The project is expected to produce a National Risk Profile and a GIS-based National
Disaster Risk Database among others.” (HFA Rwanda, 2012)
24
3.10 Budgeting risk management and public investment decisions
It can be very difficult for governments to allocate budget to disaster risk reduction. The key
to success is to consider it as in investment in the future, motivated by long term
considerations, and to design and use innovative financing mechanisms, such as those
developed in the G20/OECD methodological framework for disaster risk assessment and
financing (OECD, 2012). In any case, clear political leadership is needed, which raises again
the question of individual motivation to engage and feel accountable to overall disaster risk
reduction.
Box 10: OECD methodological framework for disaster risk assessment and risk financing
G20 / OECD methodological framework for disaster risk assessment and risk financing
The framework is intended to help finance ministries and other governmental authorities in
developing more effective disaster risk management strategies and, in particular, financial
strategies, building on strengthened risk assessment and risk financing. While the framework
does not specifically explore disaster risk reduction policies, it highlights the strong
interconnections between disaster risk assessment, risk reduction and financial management,
key building blocks for dynamic and continually evolving disaster risk management strategies.
25
Box 11: Mexico FONDEN
3.11 Preparing for the possibility that the “worst-case” scenarios may
happen
People tend to believe that “bad things only happen to others”. Building awareness that this
is wrong could help each individual, as well as the organisations that represent them, to
prepare for unexpected events.
Mexico Fonden: Investments in risk reduction, the case of Tabasco, Mexico
“The Government of Mexico, with support from the World Bank, has initiated the assessment
and monitoring of public investments in disaster risk reduction at the federal level.
Investments are analysed as to how hazard and risk information is collected and used in
governmental decision for disaster risk reduction and prevention. The impact of existing
investments is monitored and mechanisms are implemented to prepare future investments in
prevention and disaster risk reduction” (UN ISDR, 2013).
“National Disaster Fund (FONDEN) of Mexico is currently investing between 25 and 30 per cent
of its resources in building back better. These investments in risk reduction can enable a
significant reduction in disaster losses. The floods in the State of Tabasco in 2007 (UNISDR,
2009) caused losses equivalent to 30% of the state’s GDP. Following the disaster, FONDEN
financed a range of studies of the regions hydrology, urban development and land use which
led to the implementation of an integrated programme of investments to reduce disaster risk.
The value of these investments became apparent in the 2010 floods in the state. As Figure 6
below shows more rain fell in the state in 2010 than in 2007. However, the direct and indirect
losses were only a fifth of those in 2007.” (UN ISDR, 2013)
Figure 6: Losses from floods in Tabasco, Mexico, in 2007 and 2009. Source: FONDEN, UNISDR
26
Past experience has taught us to expect surprises. No one can reliably predict the future. No
matter how good an early warning system is, or how thoroughly risk assessments are
conducted, it is important to acknowledge that risk assessment relies on decisions about
what, conceivably, could go wrong. In setting the boundaries for the formal risk assessment
process, decision-makers need to remain conscious of the fact that surprises, or events
outside expected paradigms (so called “Black Swans”), are always possible and that it is
necessary to break through embedded cognitive barriers in order to imagine events outside
the boundaries of accepted paradigms (see deficit “A10” in Figure 4).
Standard responses are sometimes not sufficient or adequate to deal with risks that escalate
into unexpected crises (see deficit “B13” in Figure 5). Risk managers must be able to
recognise when they are faced with such risks, such as when they have to face natural
disasters or breakdowns of large critical networks. They should also acknowledge that
systems and processes which work well today may not work well when dealing with
unexpected and unforeseeable events. This means that decision-makers’ capacity to respond
to unexpected events depends on their flexibility – for example, their authority or willingness
to reallocate resources when required – and the level of resilience and redundancy built into
their organisational systems. The greater the redundancies and resilience, the better the
system will react to unexpected surprises, giving risk managers more time to adapt to new
circumstances.
For example, actions taken in light of the potential risks posed by the “Millennium Bug”
included building redundancies by installing multiple back-up systems and increasing
resilience by decentralising certain critical infrastructures. Although no major problems
surfaced on 1 January 2000, these actions were not without benefit, as they had a major
effect on risk management and contingency planning in the information technology industry
(Cumming, 2002), (IRGC, 2009).
27
Conclusion
Risk governance deals with risk decision-making in complex and changing contexts. It
identifies relevant systems and their interactions. It aims to improve the effectiveness and
quality of outcome. Many of the obstacles to disaster risk governance relate to a poor
understanding of what motivates people and organisations to act for the common good. For
example, we don’t understand well how people interpret the risks of various natural hazards
related to their actual choices and behaviour. We need to learn how to overcome the bias of
decision-making toward the short-term, or toward the pursuit of private interests to the
detriment of the public interest. Understanding decision-making processes and how these
affect vulnerability and resilience is necessary to avoid that hazards become disasters or that
the consequences of risk are amplified.
UNISDR seeks to build upon the extensive data collected through the Hyogo Framework for
Action (HFA) and develop a decision-support mechanism that would assist governments in
domestic intra-disciplinary planning and budgetary decision-making for effective risk
management. We hope that this paper can contribute to understand some of the core
elements of the risk governance progress and of the enabling conditions for effective
decisions.
28
References
Borraz, O. (2007). Risk and public problems. Journal of Risk Research 10(7), 941-957.
Cumming, C. (2002). September 11 and the U.S. payment system. Finance and Development
(39) 1.
HFA Indonesia. (2012). National Progress Report - Hyogo Framework for Action 2011-2013.
HFA New Zealand. (2012). National progress report on the implementation of the Hyogo
Framework for Action 2011-2013.
HFA Rwanda. (2012). National progress report on the implementation of the Hyogo
Framework for Action (2011-2013), page 34 - PreventionWeb.net.
Homer-Dixon, T. (2006). The Upside of Down: Catastrophe, creativity and the renewal of
civilisation. London: Souvenir Press.
IRDR. (2011). Forensic Investigations of Disasters: The FORIN Project (IRDR FORIN
Publication No. 1), page 9. Integrated Research on Disaster Risk.
IRGC. (2005). White Paper on integrated risk governance.
IRGC. (2009). Risk Governance Deficits.
IRGC. (2010). Contributing factors to risk emergence.
Moynihan, D. P. (2008). The Response to Hurricane Katrina. Retrieved January 7, 2014, from
www.irgc.org: http://irgc.org/wp-
content/uploads/2012/04/Hurricane_Katrina_full_case_study_web.pdf
Neufville, R. d., & Scholtes, S. (2011). Flexibility in Engineering Design. Cambridge, Mass:
MIT Press.
OECD. (2003). Emerging Systemic Risks. Final Report to the OECD Futures Project. Paris.
OECD. (2012). Disaser risk assessment and risk financing, G20/ OECD methodological
framework. avaialble on
http://www.oecd.org/gov/risk/G20disasterriskmanagement.pdf .
PwC. (2012). Integrity, business ethics and the resilient organization.
RIBA. (2007). the Royal Institute of British Architects: Recommendations for improving the
flood performance of new buildings.
UN ISDR. (2013). Global Assessment Report, Chapter 14.
US FEMA. (2012). Whole Community. Retrieved January 6, 2014, from US Federal
Emergency Management Agency: http://www.fema.gov/whole-community
World Bank. (2005). 2004 Annual report on operations evaluation.
http://lnweb90.worldbank.org/oed/oeddoclib.nsf/24cc3bb1f94ae11c85256808006a00
46/8e49d9d2a5f86e7a85256fc500565a1e/$FILE/2004_aroe.pdf.
29
About the authors
Marie-Valentine Florin is the Managing Director of IRGC. She spent the first part of her
career (1984-1999) in an international socio-cultural research and marketing consulting firm.
Before joining IRGC in 2006, she was consulting local authorities on strategies and practices
for sustainable development. She was also involved in philanthropic and humanitarian
organisations. Marie-Valentine Florin graduated from Science Po in Paris (political science
and public administration), and then earned a post-graduate diploma in marketing strategy
from the same institute. In 2004 and 2008 she studied sustainable development and
environmental diplomacy at University of Geneva.
Jianhua Xu is an associate professor at the Department of Environmental Management,
College of Environmental Sciences and Engineering, Peking University. She is also deputy
Director of IRGC China, Center on risk governance at the School of Public Policy and
Management at Tsinghua University. She got her PhD in engineering and public policy from
Carnegie Mellon University. Her research interests are in environmental and energy policy,
and risk governance.